IN THE CLAIMS 



This listing of claims will replace all prior versions, and listings, of claims in the 
application: 
Listing of Claims: 

1. (Currently Amended) A method for providing security for a computer network, 
comprising: 

automatically generating content for a computer associated with the network; 

creating on the computer a deception environment comprising a fully functional 
operating system and the automatically generated content; 

determining automatically based on a preconfigured policy not specific to any 
user whether a user should be routed to the deception environment; and 

routing the user to the deception environment if it is determined that the user 
should be routed to the deception environment; 

receiving an indication that the user is no longer connected to the computer; and 

determining whether to retain changes in the files of the computer that resulted 
from the user's activities. 

wherein the quantity and substance of the generated content are such that the 
deception environment would present to an intruder a credible version of a system such as the 
intruder would expect to see upon gaining unauthorized access to the computer. 

2. (Original) The method of claim 1, further comprising monitoring the activities of the 
user with respect to the computer. 

3. (Previously Presented) The method of claim 2, further comprising automatically 
preventing the user from accessing a file which if accessed would reveal to the user that an 
activity of the user is being monitored. 

4. (Original) The method of claim 1 further comprising storing the packets sent by the user. 

5. (Original) The method of claim 1 further comprising logging information concerning the 
files to which the user requests access. 

6. (Original) The method of claim 1 further comprising preventing the user from accessing 
content within the computer other than the generated content. 

7. (Original) The method of claim 1 further comprising screening a request by the user to 
access a file to determine if access is permitted. 

8. (Original) The method of claim 7 further comprising permitting access to a requested file 
if it is determined that access to the requested file is permitted. 

9. (Original) The method of claim 7 further comprising providing an indication that a 
requested file does not exist if it is determined that access is not permitted. 

10. (Original) The method of claim 1 further comprising generating additional content 
subsequent to the step of generating content. 

11. (Original) The method of claim 10 further comprising adding the additional content to 
the previously-generated content. 

12. (Previously Presented) The method of claim 1 wherein the step of routing comprises 
using network address translation to route to the deception environment any user that requests to 
access an unauthorized service. 

13. (Original) The method of claim 12 wherein the unauthorized service is telnet. 

14. (Canceled) 

15. (Canceled) 

16. (Currently Amended) The method of claim 1 [[5]] further comprising resetting the 
computer to restore the computer and the generated content to the condition they were in prior to 
the user being routed to the deception environment if it is determined the changes should not be 
retained. 

17. (Currently Amended) The method of claim 1 [[6]] further comprising updating the 
generated content by generating additional content that appears to have been created during the 
time period during which the user was connected to the computer. 

18-29. (Canceled) 

30. (Currently Amended) A system for providing security for a computer network, 
comprising: 

a computer configured to: 

automatically generate content for the computer, wherein the computer is associated with 
the network; and 

create on the computer a deception environment comprising a fully functional operating 
system and the automatically generated content; and 
a network device configured to: 

determine automatically based on a preconfigured policy not specific to any user whether 
a user should be routed to the deception environment; and 

route the user to the deception environment if it is determined that the user should be 
routed to the deception environment; 

receive an indication that the user is no longer connected to the computer; and 

determine whether to retain changes in the files of the computer that resulted from the 
user's activities. 

wherein the quantity and substance of the generated content are such that the deception 
environment would present to an intruder a credible version of a system such as the intruder 
would expect to see upon gaining unauthorized access to the computer. 

31. (Original) The system of claim 30, wherein the network device is a firewall. 

32. (Currently Amended) A computer program product for providing security for a computer 
network, the computer program product being embodied in a computer readable medium and 
comprising computer instructions for: 

automatically generating content for a computer, wherein the computer is associated with 
the network; 

creating on the computer a deception environment comprising a fully functional 
operating system and the automatically generated content; 

determining automatically based on a preconfigured policy not specific to any user 
whether a user should be routed to the deception environment; and 

routing the user to the deception environment if it is determined that the user should be 
routed to the deception environment; 

receiving an indication that the user is no longer connected to the computer; and 

determining whether to retain changes in the files of the computer that resulted from the 
user's activities. 

wherein the quantity and substance of the generated content are such that the deception 
environment would present to an intruder a credible version of a system such as the intruder 
would expect to see upon gaining unauthorized access to the computer. 

33. (Canceled) 

INTERVIEW SUMMARY UNDER 37 CFR §1.133 AND MPEP §713.04 

A telephonic interview in the above-referenced case was conducted on May 5, 2005 
between the Examiner and the Applicants' representatives William James and Clover Huang. 
The Final Office Action mailed on January 27, 2005 was discussed. Specifically, the rejection of 
claim 1 under 35 U.S.C. 112 and the proposed amendment set forth herein were discussed with 
the intent to place the claims in better condition for allowance or appeal. The Applicants wish to 
thank the Examiner for his time and attention in this case. 